Search results for script hack | Breaking Cybersecurity News | The Hacker News

Nothing is free in this world. If you are searching for free hacking tools on the Internet, then beware—most freely available tools, claiming to be the swiss army knife for hackers, are nothing but a scam. For example, Cobian RAT and a Facebook hacking tool that we previously reported on The Hacker News actually could hack, but of the one who uses them and not the one you desire to hack. Now, a security researcher has spotted another hacking tool—this time a PHP script—which is freely available on multiple popular underground hacking forums and allows anyone to find vulnerable internet-connected IP Cameras running the vulnerable version of GoAhead embedded web-server. However, after closely analysing the scanning script, Newsky Security researcher Ankit Anubhav found that the tool also contains a secret backdoor, which essentially allows its creator to " hack the hacker. " "For an attacker's point of view, it can be very beneficial to hack a hacker," ...

A widespread hack spread across Facebook early Thursday morning and shows no signs of abating as of yet. It comes in the form of a script that posts heavily profanity-laden wall posts continuously, instructing you that the only way to remove the posts is to click a 'Remove This App' link. Unfortunately the link is a hoax and allows the malicious script to access your Facebook account. Your account will then continue to spread the script in the form of similarly formatted wall posts on your friends accounts. The message uses the phrase 'Vote for Nicole Santos', leading some to believe that it is a high school prank related to Prom season. Here is a link  ( https://pastebin.com/u5abvXQi ) to the raw code of the script causing the problems on Facebook. If any of you commenters have any suggestions as to how this might have been injected in the first place please do let us know. Unsurprisingly many are trying to trace the source back to the 'Nicole Santos' that may have originat...

Late last week an unknown hacker or a group of hackers successfully targeted a cryptocurrency exchange with an aim to steal Bitcoins by compromising the web analytics service it was using. ESET malware researcher Matthieu Faou this weekend spotted malicious JavaScript code on up to 700,000 websites that were bundled with the traffic tracking code from the leading web analytics platform StatCounter . However, after analyzing the code, the researchers found that hackers managed to compromise StatCounter and successfully replaced its tracking script with malicious JavaScript code primarily designed to target customers of the Gate.io cryptocurrency exchange. Like Google Analytics, StatCounter is also an old, but popular real-time web analytics platform reportedly being used by more than two million websites and generates stats on over 10 billion page views per month. Here's How Hackers Tried to Steal Bitcoins from Crypto Exchange Though the malicious code was also inject...

A new elaborate attack campaign has been observed employing PowerShell and VBScript malware to infect Windows systems and harvest sensitive information. Cybersecurity company Securonix, which dubbed the campaign DEEP#GOSU, said it's likely associated with the North Korean state-sponsored group tracked as Kimsuky (aka Emerald Sleet, Springtail, or Velvet Chollima). "The malware payloads used in the  DEEP#GOSU  represent a sophisticated, multi-stage threat designed to operate stealthily on Windows systems especially from a network-monitoring standpoint," security researchers Den Iuzvyk, Tim Peck, and Oleg Kolesnikov said in a technical analysis shared with The Hacker News. "Its capabilities included keylogging, clipboard monitoring, dynamic payload execution, and data exfiltration, and persistence using both RAT software for full remote access, scheduled tasks as well as self-executing PowerShell scripts using jobs." A notable aspect of the infection proced...

USA Today Twitter Account Hacked By Script Kiddie A group calling itself " The Script Kiddies " hacked USA Today's Twitter account this weekend and used it to solicit requests for future targets and even to promote its own Facebook page. Although this recent hack seems like more of a childish prank, this group is being taken seriously by the FBI due to its earlier hacks involving false terrorism claims posted to NBC's Twitter account. USA Today quickly regained control of the compromised feed. " @usatoday was hacked and as a result false tweets were sent. We worked with Twitter to correct it. The account is now back in our control ," it said. " We apologize for any inconvenience or confusion caused to our readers and thank you for reading @usatoday ." It's possible that the new USA Today hack involved a spyware Trojan horse, like the earlier NBC hack did. For the NBC hack, NBC News's director of social media Ryan Osborn could have received a Trojan horse conta...

Are you also the one who downloaded Linux Mint on February 20th? You may have been Infected! Linux Mint is one of the best and popular Linux distros available today, but if you have downloaded and installed the operating system recently you might have done so using a malicious ISO image. Here's why: Last night, Some unknown hacker or group of hackers had managed to hack into the Linux Mint website and replaced the download links on the site that pointed to one of their servers offering a malicious ISO images for the Linux Mint 17.3 Cinnamon Edition . "Hackers made a modified Linux Mint ISO, with a backdoor in it, and managed to hack our website to point to it," the head of Linux Mint project Clement Lefebvre said in a surprising announcement dated February 21, 2016. Who are affected? As far as the Linux Mint team knows, the issue only affects the one edition, and that is Linux Mint 17.3 Cinnamon edition. The situation happened last night, s...

How to Hack a Facebook Account? That's possibly the most frequently asked question on the Internet today. Though the solution is hard to find, a white hat hacker has just proven how easy it is to hack multiple Facebook accounts with some basic computer skills. Your Facebook account can be hacked, no matter how strong your password is or how much extra security measures you have taken. No joke! Gurkirat Singh from California recently discovered a loophole in Facebook's password reset mechanism that could have given hackers complete access to the victim's Facebook account, allowing them to view message conversations and payment card details, post anything and do whatever the real account holder can. The attack vector is simple, though the execution is quite difficult. The issue, Gurkirat ( @GurkiratSpeca ) says, actually resides in the way Facebook allows you to reset your password. The social network uses an algorithm that generates a random 6-digit passcode ‒ ...

Phishing is most commonly perpetrated through the mass distribution of e-mail messages directing users to a fraud web site or services. These professional criminals daily find new ways to commit old crimes, treating cyber crime like a business and forming global criminal communities. Another latest scam has been notified by GFI that, where cyber criminals are offering the art of hacking Twitter accounts with a web-based exploit. Phishers are sending scam emails and offering fake twitter account hacking service, which in actual will hack their own twitter accounts. Email from phishers have text, " Do you want to learn how to hack twitter? Are you looking for a way to hack your friends twitter account without them finding out? Interested in finding out ways to hack someone's profile? Maybe you want to take a quick peek at their direct message inbox, steal their username or find a glitch to use a hacking script, ". Hackers try to convince readers by showing a exploi...

An Australian teenager who pleaded guilty to break into Apple's private systems  multiple times over several months and download some 90GB of secure files has avoided conviction and will not serve time in prison. An Australian Children's Court has given the now 19-year-old adult defendant, who was 16 at the time of committing the crime, a probation order of eight months, though the magistrate made him understand how serious his offense was. The teen, whose cannot be named under a local law that protects the identity of juveniles, told the court that he hacked into Apple's systems because he was a huge fan of the company and "dreamed of" working for the technology giant. The "Hacky Hack Hack" Folder The teen hacked into Apple's servers not once, but numerous times over the course of more than a year—between June 2015 and November 2016, and in April 2017. As soon as the tech giant detected his presence on their servers, it blocked him and...

If you're running any PHP based website on NGINX server and have PHP-FPM feature enabled for better performance, then beware of a newly disclosed vulnerability that could allow unauthorized attackers to hack your website server remotely. The vulnerability, tracked as CVE-2019-11043 , affects websites with certain configurations of PHP-FPM that is reportedly not uncommon in the wild and could be exploited easily as a proof-of-concept (PoC) exploit for the flaw has already been released publicly. PHP-FPM is an alternative PHP FastCGI implementation that offers advanced and highly-efficient processing for scripts written in PHP programming language. The main vulnerability is an "env_path_info" underflow memory corruption issue in the PHP-FPM module, and chaining it together with other issues could allow attackers to remotely execute arbitrary code on vulnerable web servers. The vulnerability was spotted by Andrew Danau, a security researcher at Wallarm while hun...

If you are a die heart fan of 'Game of Thrones' series, there's good news for you, but obviously bad for HBO. Hackers claim to have stolen 1.5 terabytes of data from HBO, including episodes of HBO shows yet to release online and information on the current season of Game of Thrones. What's more? The hackers have already leaked upcoming episodes of the shows "Ballers" and "Room 104" on the Internet. Additionally, the hackers have also released a script that is reportedly for the upcoming fourth episode of "Game of Thrones" Season 7 . According to Entertainment Weekly , hackers claim to have obtained 1.5 terabytes of data from the entertainment giant and informed several reporters about the hack via anonymous email sent on Sunday. Though HBO has confirmed the cyber attack on its network and released a statement, the company did not confirm what the hackers have stolen more information, and whether or not upcoming episodes of the ...

The year is about to end, but serious threats like  Shellshock is " far from over ". Cyber criminals are actively exploiting this critical GNU Bash vulnerability to target those network attached storage devices that are still not patched and ready for exploitation. Security researchers have unearthed a malicious worm that is designed to plant backdoors on network-attached storage (NAS) systems made by Taiwan-based QNAP and gain full access to the contents of those devices. The worm is spread among QNAP devices, which run an embedded Linux operating system, by the exploitation of the GNU Bash vulnerability known as ShellShock or Bash, according to security researchers at the Sans Institute. QNAP vendor released a patch in early October to address the flaw in its Turbo NAS product, but because the patches are not automatic or easy to apply for many users, so a statistically significant portion of systems remain vulnerable and exposed to the Bash bug . Sh...

Canadian organizations have emerged as the focus of a targeted cyber campaign orchestrated by a threat activity cluster known as STAC6565 . Cybersecurity company Sophos said it investigated almost 40 intrusions linked to the threat actor between February 2024 and August 2025. The campaign is assessed with high confidence to share overlaps with a hacking group known as Gold Blade , which is also tracked under the names Earth Kapre, RedCurl, and Red Wolf. The financially motivated threat actor is believed to be active since late 2018 , initially targeting entities in Russia, before expanding its focus to entities in Canada, Germany, Norway, Russia, Slovenia, Ukraine, the U.K., and the U.S. The group has a history of using phishing emails to conduct commercial espionage. However, recent attack waves have found RedCurl to have engaged in ransomware attacks using a bespoke malware strain dubbed QWCrypt . One of the notable tools in the threat actor's arsenal is RedLoader, which s...

There was a time when hackers simply defaced websites to get attention, then they started hijacking them to spread banking trojan and ransomware, and now the trend has shifted towards injecting scripts into sites to mine cryptocurrencies. Thousands of government websites around the world have been found infected with a specific script that secretly forces visitors' computers to mine cryptocurrency for attackers. The cryptocurrency mining script injection found on over 4,000 websites, including those belonging to UK's National Health Service (NHS), the Student Loan Company, and data protection watchdog Information Commissioner's Office (ICO), Queensland legislation, as well as the US government's court system. Users who visited the hacked websites immediately had their computers' processing power hijacked, also known as cryptojacking, to mine cryptocurrency without their knowledge, potentially generating profits for the unknown hacker or group of hackers. ...

Threat actors have been discovered distributing a new credential stealer written in AutoHotkey (AHK) scripting language as part of an ongoing campaign that started early 2020. Customers of financial institutions in the US and Canada are among the primary targets for credential exfiltration, with a specific focus on banks such as Scotiabank, Royal Bank of Canada, HSBC, Alterna Bank, Capital One, Manulife, and EQ Bank. Also included in the list is an Indian banking firm ICICI Bank. AutoHotkey  is an open-source custom scripting language for Microsoft Windows aimed at providing easy hotkeys for macro-creation and software automation that allows users to automate repetitive tasks in any Windows application. The multi-stage infection chain commences with a malware-laced Excel file that's embedded with a Visual Basic for Applications (VBA)  AutoOpen  macro, which is subsequently used to drop and execute the downloader client script ("adb.ahk") via a legitimate portable AHK...

The hacking group that recently hacked HBO has just dropped its second trove of documents, including a month emails of one of the company's executives, and a detailed script of the upcoming fifth episode of "Game of Thrones" Season 7, set to be aired on August 13. The latest release is the second leak from the hackers who claimed to have obtained around 1.5 terabytes of information from HBO, following the release of upcoming episodes of "Ballers" and "Room 104," and a script of the fourth episode of "Game of Thrones." With the release of another half-gigabyte sample of its stolen HBO data, the hacking group has finally demanded a ransom worth millions of dollars from the entertainment giant in order to prevent further leaks. The latest HBO data dump includes company's several internal documents, including emails, employment agreements, financial balance sheets, and marketing-strategy PDFs, along with the script of the yet-to-ai...

FOX News Twitter Account Hacked by 5CR1PT K1DD3S Fox News Politics Twitter account @foxnewspolitics  hacked last night.  The account's icon had been changed from the Fox News Politics logo and featured the following new description: " H4CK3D BY TH3 5CR1PT K1DD3S. " Hacker's Personal account was  @TheScriptKiddie on twitter, but After hack, Twitter has suspended his account. Then hacker made another announcement via  Fox News Politics Twitter account  that " twitter has suspended TheScriptKiddie please follow @ScriptKiddi3 for future releases. we have confirmed Fox News is aware of the attack. " THN talk with " The Script Kiddies " Group. They Reply : " We are a new group called The Script Kiddies. As i have stated in past interviews we do have connections to anonymous, however this does not represent them in anyway. personally I have been part of many hacks leading back to HBgary and #operationPyaback with anonymous . we will not ...

How to Hack Facebook? That's the most commonly asked question during this decade. It's a hacker dream to hack Facebook website for earning bug bounty or for any malicious purpose. Facebook security team recently found that someone, probably a blackhat hacker with malicious intent, has breached into its server and installed a backdoor that was configured to steal Facebook employees' login credentials. Since the backdoor discovered in the Facebook's corporate server, not on its main server, Facebook user accounts are not affected by this incident. Though the company would have never known about the backdoor if a whitehat hacker had never spotted the backdoor script while hunting for vulnerabilities. Also Read: Ever Wondered How Facebook Decides, How much Bounty Should be Paid? Security researcher Orange Tsai of Taiwanese security vendor DEVCORE accidentally came across a backdoor script on one of Facebook's corporate servers while finding bugs to earn cash reward fr...

A group of unknown hackers or an individual hacker may have breached voter registration databases for election systems in at least two US states, according to the FBI, who found evidence during an investigation this month. Although any intrusion in the state voting system has not been reported, the FBI is currently investigating the cyberattacks on the official websites for voter registration system in both Illinois and Arizona, said Yahoo News . The FBI's Cyber Division released a " Flash Alert " to election offices and officials across the United States, asking them to watch out for any potential intrusions and take better security precautions. "In late June 2016, an unknown actor scanned a state's Board of Election website for vulnerabilities using Acunetix, and after identifying a Structured Query Language (SQL) injection (SQLi) vulnerability, used SQLmap to target the state website," the FBI alert reads. "The majority of the data exfiltr...